package org.apereo.cas.webauthn.web.flow;

import java.util.List;
import java.util.Map;
import java.util.Optional;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apereo.cas.configuration.CasConfigurationProperties;
import org.apereo.cas.configuration.model.support.mfa.webauthn.WebAuthnMultifactorAuthenticationProperties;
import org.apereo.cas.util.CollectionUtils;
import org.apereo.cas.web.flow.actions.ConsumerExecutionAction;
import org.apereo.cas.web.flow.configurer.AbstractCasMultifactorWebflowConfigurer;
import org.apereo.cas.web.flow.configurer.CasMultifactorWebflowCustomizer;
import org.apereo.cas.web.support.WebUtils;
import org.apereo.cas.webauthn.WebAuthnCredential;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.security.web.csrf.CsrfToken;
import org.springframework.security.web.csrf.CsrfTokenRepository;
import org.springframework.util.StringUtils;
import org.springframework.webflow.action.SetAction;
import org.springframework.webflow.definition.registry.FlowDefinitionRegistry;
import org.springframework.webflow.engine.ActionState;
import org.springframework.webflow.engine.Flow;
import org.springframework.webflow.engine.ViewState;
import org.springframework.webflow.engine.builder.support.FlowBuilderServices;
import org.springframework.webflow.execution.Action;

/* loaded from: input_file:org/apereo/cas/webauthn/web/flow/WebAuthnMultifactorWebflowConfigurer.class */
/**
 * Webflow configurer that assembles the WebAuthn multifactor flow and, when primary
 * authentication with WebAuthn is allowed, hooks WebAuthn validation into the login flow.
 *
 * <p>Both the registration view and the login view receive a CSRF token through a shared
 * entry action; see {@link #doInitialize()} for the state graph.
 */
public class WebAuthnMultifactorWebflowConfigurer extends AbstractCasMultifactorWebflowConfigurer {
    /** Id used to look up the WebAuthn flow in each registry and to register it with the login flow. */
    public static final String MFA_WEB_AUTHN_EVENT_ID = "mfa-webauthn";

    /** Transition id that the login views fire to submit a WebAuthn assertion. */
    private static final String TRANSITION_ID_VALIDATE_WEBAUTHN = "validateWebAuthn";

    /** Source of the CSRF token that is exposed to the WebAuthn views. */
    private final CsrfTokenRepository csrfTokenRepository;

    /**
     * Creates the configurer.
     *
     * @param flowBuilderServices passed through to the parent configurer
     * @param flowDefinitionRegistry passed through to the parent configurer as its main registry
     * @param flowDefinitionRegistry2 registry handed to the parent wrapped in an {@code Optional}
     * @param configurableApplicationContext passed through to the parent configurer
     * @param casConfigurationProperties CAS settings; the WebAuthn section is read in {@link #doInitialize()}
     * @param list multifactor webflow customizers passed through to the parent configurer
     * @param csrfTokenRepository repository used to load, generate and save the CSRF token
     */
    public WebAuthnMultifactorWebflowConfigurer(FlowBuilderServices flowBuilderServices, FlowDefinitionRegistry flowDefinitionRegistry, FlowDefinitionRegistry flowDefinitionRegistry2, ConfigurableApplicationContext configurableApplicationContext, CasConfigurationProperties casConfigurationProperties, List<CasMultifactorWebflowCustomizer> list, CsrfTokenRepository csrfTokenRepository) {
        super(flowBuilderServices, flowDefinitionRegistry, configurableApplicationContext, casConfigurationProperties, Optional.of(flowDefinitionRegistry2), list);
        this.csrfTokenRepository = csrfTokenRepository;
    }

    /**
     * Builds the WebAuthn flow in every multifactor registry, registers it as a provider flow of
     * the login flow and, if primary authentication is allowed, adds the WebAuthn token
     * validation path to the login flow itself.
     *
     * <p>State graph built here: {@code initializeLoginForm -> accountRegistrationCheck}, which
     * goes to {@code viewRegistrationWebAuthn} on {@code register} or to {@code viewLoginForm} on
     * {@code success}. Registration is saved by {@code saveRegistration}; authentication is
     * submitted to {@code realSubmit}.
     */
    protected void doInitialize() {
        // Shared entry action: reuse the stored CSRF token, or mint and persist one, then expose
        // it in flow scope under the token's own parameter name.
        // NOTE(review): this class only issues the token; where it is verified on submit is not
        // visible here - confirm that the endpoints behind these views enforce it.
        ConsumerExecutionAction csrfTokenAction = new ConsumerExecutionAction(context -> {
            HttpServletRequest request = WebUtils.getHttpServletRequestFromExternalWebflowContext(context);
            HttpServletResponse response = WebUtils.getHttpServletResponseFromExternalWebflowContext(context);
            // The response is published as a request attribute keyed by its class name;
            // presumably a downstream CSRF component reads it from there - TODO confirm.
            request.setAttribute(HttpServletResponse.class.getName(), response);
            CsrfToken token = this.csrfTokenRepository.loadToken(request);
            if (token == null) {
                token = this.csrfTokenRepository.generateToken(request);
                this.csrfTokenRepository.saveToken(token, request, response);
            }
            context.getFlowScope().put(token.getParameterName(), token);
        });

        this.multifactorAuthenticationFlowDefinitionRegistries.forEach(registry -> {
            Flow flow = getFlow(registry, MFA_WEB_AUTHN_EVENT_ID);
            createFlowVariable(flow, "credential", WebAuthnCredential.class);
            flow.getStartActionList().add(createEvaluateAction("initialFlowSetupAction"));
            createEndState(flow, "success");

            // Start state.
            ActionState initializeLoginForm = createActionState(flow, "initializeLoginForm", createEvaluateAction("initializeLoginAction"));
            createTransitionForState(initializeLoginForm, "success", "accountRegistrationCheck");
            setStartState(flow, initializeLoginForm);

            // Decides between device registration and authentication.
            ActionState registrationCheck = createActionState(flow, "accountRegistrationCheck", createEvaluateAction("webAuthnCheckAccountRegistrationAction"));
            createTransitionForState(registrationCheck, "register", "viewRegistrationWebAuthn");
            createTransitionForState(registrationCheck, "success", "viewLoginForm");

            SetAction exposePrincipal = createSetAction("viewScope.principal", "conversationScope.authentication.principal");

            // Registration view; the CSRF action runs before the registration is started.
            ViewState registrationView = createViewState(flow, "viewRegistrationWebAuthn", "webauthn/casWebAuthnRegistrationView");
            Action[] registrationEntryActions = new Action[]{createEvaluateAction("populateSpringSecurityContextAction"), csrfTokenAction, createEvaluateAction("webAuthnStartRegistrationAction"), exposePrincipal};
            registrationView.getEntryActionList().addAll(registrationEntryActions);
            createTransitionForState(registrationView, "submit", "saveRegistration");

            // A failed save ends in the error view rather than looping back to registration.
            ActionState saveRegistration = createActionState(flow, "saveRegistration", "webAuthnSaveAccountRegistrationAction");
            createTransitionForState(saveRegistration, "success", "accountRegistrationCheck");
            createTransitionForState(saveRegistration, "error", "stopWebflow");

            // Login view; the binder configuration lists only the "token" property.
            ViewState loginView = createViewState(flow, "viewLoginForm", "webauthn/casWebAuthnLoginView", createStateBinderConfiguration(CollectionUtils.wrapList(new String[]{"token"})));
            createStateModelBinding(loginView, "credential", WebAuthnCredential.class);
            Action[] loginEntryActions = new Action[]{csrfTokenAction, createEvaluateAction("webAuthnStartAuthenticationAction"), exposePrincipal};
            loginView.getEntryActionList().addAll(loginEntryActions);
            createTransitionForState(loginView, TRANSITION_ID_VALIDATE_WEBAUTHN, "realSubmit", Map.of("bind", Boolean.TRUE, "validate", Boolean.TRUE));

            // A failed authentication returns to the login view.
            // NOTE(review): no attempt limit is configured in this flow; if failed attempts are
            // throttled, that happens elsewhere - confirm.
            ActionState realSubmit = createActionState(flow, "realSubmit", createEvaluateAction("webAuthnAuthenticationWebflowAction"));
            createTransitionForState(realSubmit, "success", "success");
            createTransitionForState(realSubmit, "error", "viewLoginForm");

            createViewState(flow, "stopWebflow", "error");
        });

        WebAuthnMultifactorAuthenticationProperties webAuthn = this.casProperties.getAuthn().getMfa().getWebAuthn();
        registerMultifactorProviderAuthenticationWebflow(getLoginFlow(), MFA_WEB_AUTHN_EVENT_ID, webAuthn.getId());

        Flow loginFlow = getLoginFlow();
        if (loginFlow != null && webAuthn.getCore().isAllowPrimaryAuthentication()) {
            // Falls back to the server name when no application id is configured.
            // StringUtils.quote only wraps the value in single quotes and escapes nothing; the
            // values come from CAS configuration, so a quote inside them would presumably break
            // the set-action expression - NOTE(review): confirm they are validated.
            String applicationId = org.apache.commons.lang3.StringUtils.defaultString(webAuthn.getCore().getApplicationId(), this.casProperties.getServer().getName());
            loginFlow.getStartActionList().add(createSetAction("flowScope.webauthnApplicationId", StringUtils.quote(applicationId)));
            loginFlow.getStartActionList().add(createSetAction("flowScope.webAuthnPrimaryAuthenticationEnabled", "true"));
            loginFlow.getStartActionList().add(csrfTokenAction);

            createTransitionForState(getState(loginFlow, "viewLoginForm"), TRANSITION_ID_VALIDATE_WEBAUTHN, "validateWebAuthnToken");
            ActionState validateToken = createActionState(loginFlow, "validateWebAuthnToken", "webAuthnValidateSessionCredentialTokenAction");
            validateToken.getEntryActionList().add(createSetAction("flowScope.".concat("mfaProviderId"), StringUtils.quote(webAuthn.getId())));
            createTransitionForState(validateToken, "finalize", "realSubmit");
        }
    }
}
